Lucene search
+L

961 matches found

RedhatCVE
RedhatCVE
added 2026/01/06 8:5 a.m.8 views

CVE-2025-15238

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1CVSS8.1AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/01/06 12:0 a.m.19 views

CVE-2025-59379

The Red Hat/CIRCL/NVD entries confirm a flaw in DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 where Blind SQL Injection via the login page's user parameter can disclose credentials from the underlying SQL database. Affected component: ARMS login input handling; root cause: bli...

7.5CVSS7.1AI score0.00341EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/12/28 8:32 p.m.4 views

CVE-2025-15153

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

6.3CVSS4.8AI score0.00429EPSS
Exploits1References4
CNVD
CNVD
added 2025/12/25 12:0 a.m.5 views

Complete Online Beauty Parlor Management System /view-appointment.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. The Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter viewid i...

9.8CVSS6.1AI score0.00326EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.6 views

ChurchCRM 安全漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...

9.9CVSS5.8AI score0.00369EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.14 views

PT-2025-51260

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An issue exists in Frappe ERPNext that allows an attacker to extract arbitrary data from the database. The get outstanding reference documents function, located at...

9.8CVSS7.2AI score0.00331EPSS
Exploits1References7
NVD
NVD
added 2025/12/11 10:15 p.m.9 views

CVE-2024-58307

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...

9.3CVSS0.00448EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

SAP Application Server for ABAP 安全漏洞

SAP Enterprise Search for ABAP is an enterprise-level unified search software from SAP, a German company. A security vulnerability exists in SAP Enterprise Search for ABAP that stems from a lack of authorization checking and could lead to database table contents being read and exported...

5.5CVSS6.4AI score0.00269EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/07 12:0 a.m.9 views

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-986298)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
added 2025/12/03 12:0 a.m.4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-976457)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/12/02 9:31 p.m.5 views

EUVD-2025-200323

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

8.6CVSS6.8AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2025/12/02 9:15 p.m.17 views

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

8.6CVSS0.00205EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 9:5 p.m.13 views

CVE-2025-64298

CVE-2025-64298 affects NMIS/BioDose V22.02 and earlier where embedded Microsoft SQL Server Express is used. The vulnerability arises from insecure Windows share directory paths by default, enabling local users on networked client workstations to access the SQL Server database and configuration fi...

8.6CVSS6.9AI score0.00205EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.10 views

PT-2025-48779

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

8.6CVSS7.3AI score0.00205EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/02 12:0 a.m.6 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-448742)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-12743

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

6CVSS7.3AI score0.00268EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/26 12:0 a.m.3 views

UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-2026-12149)

U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...

5.9AI score
Exploits0
CNVD
CNVD
added 2025/11/26 12:0 a.m.8 views

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-928742)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
added 2025/11/25 12:0 a.m.8 views

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-925300)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
CNVD
CNVD
added 2025/11/25 12:0 a.m.7 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-921601)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9AI score
Exploits0
Rows per page
Query Builder